CVE-2025-13490

MEDIUM

IBM App Connect Operator - Info Disclosure

Title source: llm

Description

IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1 through 12.0.12‑r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man‑in‑the‑middle techniques.

References (1)

[Various Sources] https://www.ibm.com/support/pages/node/7262271

Scores

CVSS v3 5.9

EPSS 0.0001

EPSS Percentile 1.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (25)

ibm/app_connect_enterprise_certified_containers_operands 12.0.11.2 r1

ibm/app_connect_enterprise_certified_containers_operands 12.0.11.3 r1

ibm/app_connect_enterprise_certified_containers_operands 12.0.12 r1 (20 CPE variants)

ibm/app_connect_enterprise_certified_containers_operands 12.0.12.0 r1 (2 CPE variants)

ibm/app_connect_enterprise_certified_containers_operands 12.0.12.2 r1

ibm/app_connect_enterprise_certified_containers_operands 12.0.12.3 r1

ibm/app_connect_enterprise_certified_containers_operands 12.0.12.4 r1

ibm/app_connect_enterprise_certified_containers_operands 12.0.12.5 r1

ibm/app_connect_enterprise_certified_containers_operands 13.0.1.0 r1 (2 CPE variants)

ibm/app_connect_enterprise_certified_containers_operands 13.0.1.1 r1

... and 15 more

Published Mar 03, 2026

Tracked Since Mar 04, 2026